Steal Application Access Token (AWS)

Description

Adversaries can steal application access tokens as a means of acquiring credentials to access remote systems and resources. Application access tokens are used to make authorized API requests on behalf of a user or service and are commonly used as a way to access resources in cloud and container-based applications and software-as-a-service (SaaS). OAuth is one commonly implemented framework that issues tokens to users for access to systems. Adversaries who steal account API tokens in cloud and containerized environments may be able to access data and perform actions with the permissions of these accounts, which can lead to privilege escalation and further compromise of the environment.

Products, Sensors, and Dependencies

Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes
Tenable Cloud Security | | Cloud | Read-only | HTTPS | List of AWS lambda |

Attack Path Technique Details

Framework: MITRE ATT&CK

Family: Collection

Platform: AWS

Products Required: Tenable Cloud Security

Tenable Release Date: 2022 Q4